McAfee and SEO poisoning: there but for the grace…

ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please remind me to finish my article on PERFECT.BAT...). Fortunately, most FPs don't have such public consequences, and McAfee deserve more credit than they've received for their prompt response and attempts at remediation. Again, I wouldn't expect less of a reputable vendor.

It didn't feel appropriate to discuss support issues for a competing product here (though someone did ask us recently for information on a Trend Micro issue!), but I have, wearing my AVIEN vendor-neutral hat, included pointers to the relevant links for people experiencing such problems in a blog here.

However, our labs in Bratislava and Latin America have advised us that they've seen SEO poisoning relating to the issue, and pointing to malicious sites that attempt to install fake antivirus (for which we have detection). I note that Graham Cluley of Sophos is also reporting malicious links on search terms like mcafee, wecorl, svchost.exe, false positive and so on, though I don't know if Sophos is seeing exactly the same malware.

Clearly, you should, as usual, be cautious about following links relating to topical issues.

David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://amtso.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/
http://chainmailcheck.wordpress.com
http://smallbluegreenblog.wordpress.com/
 

Author David Harley, ESET

  • jcbatucan

    Well, everything has its antagonist. Despite from the raging success of SEO which had been tested and proven by lots of on-liners, businessmen and marketers. Success has its counterpart and that is destruction.
     

     

22 Apr 2010